Research On Client Integrity Measurement In Trusted Network

With the proposal and development of trusted computing, it is a good idea to combine the trusted computing mechanism with network access mechanism, the credibility of extension to the network, ensure the credibility at the end. Trusted network include trusted clinet,trusted data,trusted behavior of transfer,trusted connection of network,trusted server, etc. Whether trusted computing or trusted network, integrity measurement is the core technology of credibility, at present, the credibility is achevied by the integrity of components and software, it is needed to measure and monitor the behavior of network client.While the system starts, the current trusted computer will check the data integrity of the important system resources to ensure the temporary security in the initial stage of starting. However, the computer does not measure and monitor the trustiness of the behavior of software,can't achieve software dynamic trustiness measurementAccording to the principles of existing software behavior, this paper research the behavior of system call in the running of software.the trustiness behavior of client is ensured by monitoring the system call of software.In Windows system,API system call is very frequently, we can judgy the behavior of the software by the API system call.Record the correct behavior of system call, generate software behavior library, in the process of software running, we monitor the software behavior and compare it with the behavior library to judge the behavior,perform behavior integrity measurement to ensure the trusted behavior. In linux system, the software system call is software behavior.But the correct software behavior can't ensure the credbility of client, the client credbility include the trused client include trustiness software and trustiness environment, trustiness environment means trustiness system. we can measure the integrity of system function to achieve trustiness environment.Because the Windows function is closed, it doen't to measure the integrity of system function directly, but can measure the integrity of system function code segment to achieve trustiness environment.Linux system is open system platform, on the linux platform, integrity measurement technology is very mature, we can make use of these technologies to measure the integrity of the system functions to ensure the credibility of the software operating environment. From the system start to normal boot, in this process, we acheive trustiness measurement by static integrity measurement, after the running of software, we achieve trustiness measurement by dynamic trustiness measurement, and achieve security environment by the interity measurement of system function, so it is clinet integrity measurement process.